And how to get the most out of them

Firewalls serve two main purposes:

First it protects computer systems and networks from malicious activity coming across Internet connections. It also gives computer network administrators the ability to control the types of communication that can be conducted over Internet connections within a specific computer network.

The first purpose is similar to the purpose of the anti-virus and anti-spyware software you may be using on your home computer. Viruses and automated programs that have been written for malicious purposes can attack any Internet-connected computer in a variety of ways. Anti-virus programs may catch these, but a firewall acts as a communications filter which can stop malicious communications from ever reaching your computer.

The second purpose is less common with home computers and computer networks, but usually standard (though we are always surprised how many companies do not know that they can do this) in companies with several Internet-connected employees. The network firewall can and should be programmed with specific, customized rules that may restrict employees from visiting websites that are unrelated to business goals or that may pose security risks. In companies that deal in highly sensitive or confidential information, a firewall can and should have very rigid rules programmed to help protect that information.

Most firewalls protect networks by maintaining lists of rules for filtering data and of characteristics of both "safe" and "unsafe" data. Whenever a user sends information via the Internet, it passes through the firewall first, allowing the firewall to filter the data according to the standards set by the network administrator. When data comes from the Internet and into the computer, it  is again passed through the series of filters and any bits of data flagged by the firewall as being "unsafe" are discarded.

Controlling the Flow of Information

Firewalls can provide basic tools to control where your employees are going on the Internet, and what activities they are participating in. If you want to customize access on an individual or group basis, there is a better solution. One of our favorites is from Cymphonix (www.cymphonix.com). Their solution allows you to set granular permissions on individuals, user groups, and globally. One of the things that we like about this solution is that not only can you restrict access, you can also manage what types of applications or what user’s bandwidth allowances are. We have one client that  could not get high speed internet access at their location. They called one day saying that their Internet was so slow that it was taking minutes to render a page in their browser, and that mail was taking forever to be delivered. It turns out that a number of employees were streaming audio and TV programming to their desktops and using all of the available bandwidth. Talk about insult to injury – not only were they being paid to be non-productive, but they were taking the rest of the company with them. Some firewall tweaks (at minimum) or a Cymphonix box would have been a quick solution to that problem.

Taking Care of Your Firewall

It is a little known fact that just like the rest of us, firewalls need some occasional love and attention to achieve their true potential. We estimate that over 70% of small and medium sized businesses in Portland have never updated, or reviewed their firewall configuration since they installed it. We have even found a number of clients who were paying for high speed Internet, but were not getting what they were paying for because their old firewall was not able to handle the speed of their new connection.

At minimum, we recommend a firewall inspection twice per year and we provide this service free of charge to clients and non-clients alike. All a business has to do is call 503-241-3499 and say “I would like a complementary firewall inspection…” We will come out at a time of your convenience and let you know how you are doing, recommend any appropriate changes, and make those changes at no cost whatsoever. Keep in mind that unlike other IT support companies, Portland Managed Services does not sell hardware, so we never have any hidden interest in having you buy new gear – if what you have is appropriate and meets your needs, we will tell you. If you should upgrade, we will make recommendations to you, and if you choose to act on those recommendations, you are free to purchase from any vendor you like.

If you have questions about the Cymphonix tool,  or any uncertainty about your networks security, please don’t hesitate to call us as  503-241-3499. If you have at least 1 server and 5 desktops, we can schedule a time to come out to answer questions and help you determine if your network security is as strong as it should be.∆